Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (182497 => 182498)
--- trunk/Source/_javascript_Core/ChangeLog 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-04-07 22:09:15 UTC (rev 182498)
@@ -1,3 +1,70 @@
+2015-04-07 Filip Pizlo <[email protected]>
+
+ Constant folding of typed array properties should be handled by AI rather than strength reduction
+ https://bugs.webkit.org/show_bug.cgi?id=143496
+
+ Reviewed by Geoffrey Garen.
+
+ Handling constant folding in AI is better because it precludes us from having to fixpoint the CFA
+ phase and whatever other phase did the folding in order to find all constants.
+
+ This also removes the TypedArrayWatchpoint node type because we can just set the watchpoint
+ directly.
+
+ This also fixes a bug in FTL lowering of GetTypedArrayByteOffset. The bug was previously not
+ found because all of the tests for it involved the property getting constant folded. I found that
+ the codegen was bad because an earlier version of the patch broke that constant folding. This
+ adds a new test for that node type, which makes constant folding impossible by allocating a new
+ typed array every type. The lesson here is: if you write a test for something, run the test with
+ full IR dumps to make sure it's actually testing the thing you want it to test.
+
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * dfg/DFGDoesGC.cpp:
+ (JSC::DFG::doesGC):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::dump):
+ (JSC::DFG::Graph::tryGetFoldableView):
+ (JSC::DFG::Graph::tryGetFoldableViewForChild1): Deleted.
+ * dfg/DFGGraph.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasTypedArray): Deleted.
+ (JSC::DFG::Node::typedArray): Deleted.
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStrengthReductionPhase.cpp:
+ (JSC::DFG::StrengthReductionPhase::handleNode):
+ (JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant): Deleted.
+ (JSC::DFG::StrengthReductionPhase::prepareToFoldTypedArray): Deleted.
+ * dfg/DFGWatchpointCollectionPhase.cpp:
+ (JSC::DFG::WatchpointCollectionPhase::handle):
+ (JSC::DFG::WatchpointCollectionPhase::addLazily):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
+ (JSC::FTL::LowerDFGToLLVM::typedArrayLength):
+ * tests/stress/fold-typed-array-properties.js:
+ (foo):
+ * tests/stress/typed-array-byte-offset.js: Added.
+ (foo):
+
2015-04-07 Matthew Mirman <[email protected]>
Source and stack information should get appended only to native errors
Modified: trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -1383,9 +1383,6 @@
m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->activationStructure());
break;
- case TypedArrayWatchpoint:
- break;
-
case CreateDirectArguments:
forNode(node).set(m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->directArgumentsStructure());
break;
@@ -1520,9 +1517,16 @@
break;
}
- case GetArrayLength:
+ case GetArrayLength: {
+ JSArrayBufferView* view = m_graph.tryGetFoldableView(
+ forNode(node->child1()).m_value, node->arrayMode());
+ if (view) {
+ setConstant(node, jsNumber(view->length()));
+ break;
+ }
forNode(node).setType(SpecInt32);
break;
+ }
case CheckStructure: {
AbstractValue& value = forNode(node->child1());
@@ -1705,13 +1709,25 @@
value.set(m_graph, node->structure());
break;
}
- case GetIndexedPropertyStorage:
+ case GetIndexedPropertyStorage: {
+ JSArrayBufferView* view = m_graph.tryGetFoldableView(
+ forNode(node->child1()).m_value, node->arrayMode());
+ if (view)
+ m_state.setFoundConstants(true);
+ forNode(node).clear();
+ break;
+ }
case ConstantStoragePointer: {
forNode(node).clear();
break;
}
case GetTypedArrayByteOffset: {
+ JSArrayBufferView* view = m_graph.tryGetFoldableView(forNode(node->child1()).m_value);
+ if (view) {
+ setConstant(node, jsNumber(view->byteOffset()));
+ break;
+ }
forNode(node).setType(SpecInt32);
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGClobberize.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGClobberize.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -306,11 +306,6 @@
write(SideState);
return;
- case TypedArrayWatchpoint:
- read(Watchpoint_fire);
- write(SideState);
- return;
-
case NotifyWrite:
write(Watchpoint_fire);
write(SideState);
Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -115,6 +115,30 @@
break;
}
+ case GetIndexedPropertyStorage: {
+ JSArrayBufferView* view = m_graph.tryGetFoldableView(
+ m_state.forNode(node->child1()).m_value, node->arrayMode());
+ if (!view)
+ break;
+
+ if (view->mode() == FastTypedArray) {
+ // FIXME: It would be awesome to be able to fold the property storage for
+ // these GC-allocated typed arrays. For now it doesn't matter because the
+ // most common use-cases for constant typed arrays involve large arrays with
+ // aliased buffer views.
+ // https://bugs.webkit.org/show_bug.cgi?id=125425
+ break;
+ }
+
+ m_interpreter.execute(indexInBlock);
+ eliminated = true;
+
+ m_insertionSet.insertNode(
+ indexInBlock, SpecNone, Phantom, node->origin, node->children);
+ node->convertToConstantStoragePointer(view->vector());
+ break;
+ }
+
case CheckStructureImmediate: {
AbstractValue& value = m_state.forNode(node->child1());
StructureSet& set = node->structureSet();
Modified: trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGDoesGC.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -164,7 +164,6 @@
case StoreBarrierWithNullCheck:
case InvalidationPoint:
case NotifyWrite:
- case TypedArrayWatchpoint:
case CheckInBounds:
case ConstantStoragePointer:
case Check:
Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -1238,7 +1238,6 @@
case LoopHint:
case StoreBarrier:
case StoreBarrierWithNullCheck:
- case TypedArrayWatchpoint:
case MovHint:
case ZombieHint:
case BottomValue:
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -313,8 +313,6 @@
out.print(comma, RawPointer(node->executionCounter()));
if (node->hasVariableWatchpointSet())
out.print(comma, RawPointer(node->variableWatchpointSet()));
- if (node->hasTypedArray())
- out.print(comma, inContext(JSValue(node->typedArray()), context));
if (node->hasStoragePointer())
out.print(comma, RawPointer(node->storagePointer()));
if (node->hasObjectMaterializationData())
@@ -1071,29 +1069,27 @@
return tryGetConstantClosureVar(node->asJSValue(), offset);
}
-JSArrayBufferView* Graph::tryGetFoldableView(Node* node)
+JSArrayBufferView* Graph::tryGetFoldableView(JSValue value)
{
- JSArrayBufferView* view = node->dynamicCastConstant<JSArrayBufferView*>();
- if (!view)
+ if (!value)
return nullptr;
+ JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(value);
+ if (!value)
+ return nullptr;
if (!view->length())
return nullptr;
WTF::loadLoadFence();
+ watchpoints().addLazily(view);
return view;
}
-JSArrayBufferView* Graph::tryGetFoldableView(Node* node, ArrayMode arrayMode)
+JSArrayBufferView* Graph::tryGetFoldableView(JSValue value, ArrayMode arrayMode)
{
if (arrayMode.typedArrayType() == NotTypedArray)
- return 0;
- return tryGetFoldableView(node);
+ return nullptr;
+ return tryGetFoldableView(value);
}
-JSArrayBufferView* Graph::tryGetFoldableViewForChild1(Node* node)
-{
- return tryGetFoldableView(child(node, 0).node(), node->arrayMode());
-}
-
void Graph::registerFrozenValues()
{
m_codeBlock->constants().resize(0);
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -692,9 +692,8 @@
JSValue tryGetConstantClosureVar(const AbstractValue&, ScopeOffset);
JSValue tryGetConstantClosureVar(Node*, ScopeOffset);
- JSArrayBufferView* tryGetFoldableView(Node*);
- JSArrayBufferView* tryGetFoldableView(Node*, ArrayMode);
- JSArrayBufferView* tryGetFoldableViewForChild1(Node*);
+ JSArrayBufferView* tryGetFoldableView(JSValue);
+ JSArrayBufferView* tryGetFoldableView(JSValue, ArrayMode arrayMode);
void registerFrozenValues();
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -1229,16 +1229,6 @@
return reinterpret_cast<VariableWatchpointSet*>(m_opInfo);
}
- bool hasTypedArray()
- {
- return op() == TypedArrayWatchpoint;
- }
-
- JSArrayBufferView* typedArray()
- {
- return reinterpret_cast<JSArrayBufferView*>(m_opInfo);
- }
-
bool hasStoragePointer()
{
return op() == ConstantStoragePointer;
Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -174,7 +174,6 @@
macro(ArrayifyToStructure, NodeMustGenerate) \
macro(GetIndexedPropertyStorage, NodeResultStorage) \
macro(ConstantStoragePointer, NodeResultStorage) \
- macro(TypedArrayWatchpoint, NodeMustGenerate) \
macro(GetGetter, NodeResultJS) \
macro(GetSetter, NodeResultJS) \
macro(GetByOffset, NodeResultJS) \
Modified: trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGPredictionPropagationPhase.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -645,7 +645,6 @@
case Unreachable:
case LoopHint:
case NotifyWrite:
- case TypedArrayWatchpoint:
case ConstantStoragePointer:
case MovHint:
case ZombieHint:
Modified: trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGSafeToExecute.h 2015-04-07 22:09:15 UTC (rev 182498)
@@ -251,7 +251,6 @@
case StoreBarrierWithNullCheck:
case InvalidationPoint:
case NotifyWrite:
- case TypedArrayWatchpoint:
case CheckInBounds:
case ConstantStoragePointer:
case Check:
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -2268,7 +2268,9 @@
{
if (node->op() == PutByValAlias)
return JITCompiler::Jump();
- if (JSArrayBufferView* view = m_jit.graph().tryGetFoldableViewForChild1(node)) {
+ JSArrayBufferView* view = m_jit.graph().tryGetFoldableView(
+ m_state.forNode(m_jit.graph().child(node, 0)).m_value, node->arrayMode());
+ if (view) {
uint32_t length = view->length();
Node* indexNode = m_jit.graph().child(node, 1).node();
if (indexNode->isInt32Constant() && indexNode->asUInt32() < length)
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -3533,8 +3533,7 @@
break;
}
- case AllocationProfileWatchpoint:
- case TypedArrayWatchpoint: {
+ case AllocationProfileWatchpoint: {
noResult(node);
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -3608,8 +3608,7 @@
break;
}
- case AllocationProfileWatchpoint:
- case TypedArrayWatchpoint: {
+ case AllocationProfileWatchpoint: {
noResult(node);
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -146,33 +146,6 @@
}
break;
- case GetArrayLength:
- if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
- foldTypedArrayPropertyToConstant(view, jsNumber(view->length()));
- break;
-
- case GetTypedArrayByteOffset:
- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node()))
- foldTypedArrayPropertyToConstant(view, jsNumber(view->byteOffset()));
- break;
-
- case GetIndexedPropertyStorage:
- if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node)) {
- if (view->mode() != FastTypedArray) {
- prepareToFoldTypedArray(view);
- m_node->convertToConstantStoragePointer(view->vector());
- m_changed = true;
- break;
- } else {
- // FIXME: It would be awesome to be able to fold the property storage for
- // these GC-allocated typed arrays. For now it doesn't matter because the
- // most common use-cases for constant typed arrays involve large arrays with
- // aliased buffer views.
- // https://bugs.webkit.org/show_bug.cgi?id=125425
- }
- }
- break;
-
case ValueRep:
case Int52Rep:
case DoubleRep: {
@@ -283,22 +256,6 @@
convertToIdentityOverChild(1);
}
- void foldTypedArrayPropertyToConstant(JSArrayBufferView* view, JSValue constant)
- {
- prepareToFoldTypedArray(view);
- m_graph.convertToConstant(m_node, constant);
- m_changed = true;
- }
-
- void prepareToFoldTypedArray(JSArrayBufferView* view)
- {
- m_insertionSet.insertNode(
- m_nodeIndex, SpecNone, TypedArrayWatchpoint, m_node->origin,
- OpInfo(view));
- m_insertionSet.insertNode(
- m_nodeIndex, SpecNone, Phantom, m_node->origin, m_node->children);
- }
-
void handleCommutativity()
{
// If the right side is a constant then there is nothing left to do.
Modified: trunk/Source/_javascript_Core/dfg/DFGWatchpointCollectionPhase.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/dfg/DFGWatchpointCollectionPhase.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/dfg/DFGWatchpointCollectionPhase.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -92,16 +92,8 @@
if (m_node->arrayMode().type() == Array::String)
handleStringGetByVal();
-
- if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
- addLazily(view);
break;
- case PutByVal:
- if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
- addLazily(view);
- break;
-
case StringCharAt:
handleStringGetByVal();
break;
@@ -121,10 +113,6 @@
addLazily(globalObject()->varInjectionWatchpoint());
break;
- case TypedArrayWatchpoint:
- addLazily(m_node->typedArray());
- break;
-
default:
break;
}
@@ -154,10 +142,6 @@
{
m_graph.watchpoints().addLazily(set);
}
- void addLazily(JSArrayBufferView* view)
- {
- m_graph.watchpoints().addLazily(view);
- }
JSGlobalObject* globalObject()
{
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -119,7 +119,6 @@
case StringCharCodeAt:
case AllocatePropertyStorage:
case ReallocatePropertyStorage:
- case TypedArrayWatchpoint:
case GetTypedArrayByteOffset:
case NotifyWrite:
case StoreBarrier:
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (182497 => 182498)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-04-07 22:09:15 UTC (rev 182498)
@@ -846,7 +846,6 @@
case PhantomLocal:
case LoopHint:
- case TypedArrayWatchpoint:
case AllocationProfileWatchpoint:
case MovHint:
case ZombieHint:
@@ -2105,9 +2104,9 @@
LBasicBlock wastefulCase = FTL_NEW_BLOCK(m_out, ("wasteful typed array"));
LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("continuation branch"));
- LValue baseAddress = m_out.addPtr(basePtr, JSArrayBufferView::offsetOfMode());
+ LValue mode = m_out.load32(basePtr, m_heaps.JSArrayBufferView_mode);
m_out.branch(
- m_out.notEqual(baseAddress , m_out.constIntPtr(WastefulTypedArray)),
+ m_out.notEqual(mode, m_out.constInt32(WastefulTypedArray)),
unsure(simpleCase), unsure(wastefulCase));
// begin simple case
@@ -2125,7 +2124,7 @@
LValue arrayBufferPtr = m_out.loadPtr(butterflyPtr, m_heaps.Butterfly_arrayBuffer);
LValue dataPtr = m_out.loadPtr(arrayBufferPtr, m_heaps.ArrayBuffer_data);
- ValueFromBlock wastefulOut = m_out.anchor(m_out.sub(dataPtr, vectorPtr));
+ ValueFromBlock wastefulOut = m_out.anchor(m_out.sub(vectorPtr, dataPtr));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -5785,7 +5784,9 @@
LValue typedArrayLength(Edge baseEdge, ArrayMode arrayMode, LValue base)
{
- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(baseEdge.node(), arrayMode))
+ JSArrayBufferView* view = m_graph.tryGetFoldableView(
+ m_state.forNode(baseEdge).m_value, arrayMode);
+ if (view)
return m_out.constInt32(view->length());
return m_out.load32NonNegative(base, m_heaps.JSArrayBufferView_length);
}
Modified: trunk/Source/_javascript_Core/tests/stress/fold-typed-array-properties.js (182497 => 182498)
--- trunk/Source/_javascript_Core/tests/stress/fold-typed-array-properties.js 2015-04-07 21:42:38 UTC (rev 182497)
+++ trunk/Source/_javascript_Core/tests/stress/fold-typed-array-properties.js 2015-04-07 22:09:15 UTC (rev 182498)
@@ -1,29 +1,32 @@
var a = new Int32Array(new ArrayBuffer(100), 4, 1);
if (a.length != 1)
- throw "Error: bad length: " + a.length;
+ throw "Error: bad length (start): " + a.length;
if (a.byteOffset != 4)
- throw "Error: bad offset: " + a.byteOffset;
+ throw "Error: bad offset (start): " + a.byteOffset;
if (a.byteLength != 4)
- throw "Error: bad byte length: " + a.byteLength;
+ throw "Error: bad byte length (start): " + a.byteLength;
-function foo() {
- if (a.length != 1)
- throw "Error: bad length: " + a.length;
- if (a.byteOffset != 4)
- throw "Error: bad offset: " + a.byteOffset;
- if (a.byteLength != 4)
- throw "Error: bad byte length: " + a.byteLength;
+function foo(when) {
+ var tmp = a.length;
+ if (tmp != 1)
+ throw "Error: bad length (" + when + "): " + tmp;
+ tmp = a.byteOffset;
+ if (tmp != 4)
+ throw "Error: bad offset (" + when + "): " + tmp;
+ tmp = a.byteLength;
+ if (tmp != 4)
+ throw "Error: bad byte length (" + when + "): " + tmp;
}
for (var i = 0; i < 1000000; ++i)
- foo();
+ foo("loop");
transferArrayBuffer(a.buffer);
var didThrow = false;
try {
- foo();
+ foo("after transfer");
} catch (e) {
didThrow = true;
}
@@ -32,8 +35,8 @@
throw "Should have thrown.";
if (a.length != 0)
- throw "Error: bad length: " + a.length;
+ throw "Error: bad length (end): " + a.length;
if (a.byteOffset != 0)
- throw "Error: bad offset: " + a.byteOffset;
+ throw "Error: bad offset (end): " + a.byteOffset;
if (a.byteLength != 0)
- throw "Error: bad byte length: " + a.byteLength;
+ throw "Error: bad byte length (end): " + a.byteLength;
Added: trunk/Source/_javascript_Core/tests/stress/typed-array-byte-offset.js (0 => 182498)
--- trunk/Source/_javascript_Core/tests/stress/typed-array-byte-offset.js (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/typed-array-byte-offset.js 2015-04-07 22:09:15 UTC (rev 182498)
@@ -0,0 +1,17 @@
+function foo(array) {
+ return array.byteOffset;
+}
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(new Int32Array(100));
+ if (result != 0)
+ throw "Error: bad result for fast typed array: " + result;
+ result = foo(new Int32Array(100000));
+ if (result != 0)
+ throw "Error: bad result for big typed array: " + result;
+ result = foo(new Int32Array(new ArrayBuffer(100), 4, 1));
+ if (result != 4)
+ throw "Error: bad result for wasteful typed array: " + result;
+}
